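class Keycloakconnector:
    """Small wrapper around ``KeycloakOpenID`` for a confidential client.

    One instance holds a ``KeycloakOpenID`` configured for a realm and a
    client-id / client-secret pair.  ``verify=True`` is passed through so that
    server-certificate verification stays enabled — do not relax it.
    """

    keycloak_openid = None

    def __init__(self, serverurl, realm, clientid, secret):
        """Build the OpenID client and fetch the realm's well-known document.

        Args:
            serverurl: Base URL of the Keycloak server.
            realm: Realm name.
            clientid: Client id of the confidential client.
            secret: Client secret belonging to ``clientid``.

        The ``well_know()`` call is kept as an early connectivity/configuration
        check; its result is not stored.  Whatever it raises propagates.
        """
        self.keycloak_openid = KeycloakOpenID(
            server_url=serverurl,
            client_id=clientid,
            realm_name=realm,
            client_secret_key=secret,
            verify=True,  # keep TLS verification on
        )
        # Fail fast on an unreachable server / unknown realm.
        self.keycloak_openid.well_know()

    def getToken(self, appID, api):
        """Obtain an access token through the client-credentials grant.

        ``appID`` and ``api`` are accepted for interface compatibility only;
        the token is always issued for the client configured in ``__init__``.

        Returns:
            The bearer access token string.

        Raises:
            KeyError: if the token response carries no ``access_token``.
        """
        response = self.keycloak_openid.token(
            username="", password="", grant_type=["client_credentials"]
        )
        # The token is a bearer credential: never print or log it.
        return response["access_token"]

    def getJWTPublickey(self, kid=None):
        """Return the realm's JWT signing public key as a PEM string.

        Args:
            kid: Optional key id.  When given, only the JWKS entry with that
                exact ``kid`` is used.  Otherwise the first entry marked
                ``"use": "sig"`` is preferred, falling back to the first entry
                of the set (the historical behaviour).

        Returns:
            PEM-encoded public key, or ``""`` when the JWKS is empty, no entry
            matches, or the chosen entry carries no ``x5c`` certificate.
        """
        jwks = self.keycloak_openid.certs()
        if not jwks:
            return ""
        entry = self._select_jwk(jwks.get("keys") or [], kid)
        if entry is None:
            return ""
        chain = entry.get("x5c")
        if not chain:
            return ""
        # x5c[0] is the leaf certificate, base64 DER without PEM armour.
        pem_cert = (
            "-----BEGIN CERTIFICATE-----\n"
            + chain[0]
            + "\n-----END CERTIFICATE-----"
        )
        x509 = OpenSSL.crypto.load_certificate(FILETYPE_PEM, pem_cert)
        pubkey = OpenSSL.crypto.dump_publickey(FILETYPE_PEM, x509.get_pubkey())
        return pubkey.decode("utf-8")

    @staticmethod
    def _select_jwk(keys, kid):
        """Pick the JWKS entry to use, or ``None``.

        With ``kid`` set only an exact match is acceptable — never substitute a
        different key for a token that names a specific one.  Without ``kid``,
        prefer an entry marked ``"use": "sig"`` so that an encryption key listed
        first is not mistaken for the signing key; if nothing is marked, take
        the first entry as the original code did.
        """
        if kid is not None:
            return next((k for k in keys if k.get("kid") == kid), None)
        for k in keys:
            if k.get("use") == "sig":
                return k
        return keys[0] if keys else None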
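class Keycloakconnector:
    """Small wrapper around ``KeycloakOpenID`` plus a client-role lookup.

    One instance holds a ``KeycloakOpenID`` configured for a realm and a
    client-id / client-secret pair, and remembers ``serverurl`` / ``realm`` for
    the admin REST calls in ``getClientRoles``.  ``verify=True`` is passed
    through so that server-certificate verification stays enabled — do not
    relax it.
    """

    keycloak_openid = None

    def __init__(self, serverurl, realm, clientid, secret):
        """Build the OpenID client and fetch the realm's well-known document.

        Args:
            serverurl: Base URL of the Keycloak server (with or without a
                trailing slash).
            realm: Realm name.
            clientid: Client id of the confidential client.
            secret: Client secret belonging to ``clientid``.

        The ``well_know()`` call is kept as an early connectivity/configuration
        check; its result is not stored.  Whatever it raises propagates.
        """
        self.keycloak_openid = KeycloakOpenID(
            server_url=serverurl,
            client_id=clientid,
            realm_name=realm,
            client_secret_key=secret,
            verify=True,  # keep TLS verification on
        )
        # Fail fast on an unreachable server / unknown realm.
        self.keycloak_openid.well_know()
        self.serverurl = serverurl
        self.realm = realm

    def getToken(self, appID, api):
        """Obtain an access token through the client-credentials grant.

        ``appID`` and ``api`` are accepted for interface compatibility only;
        the token is always issued for the client configured in ``__init__``.

        Returns:
            The bearer access token string.

        Raises:
            KeyError: if the token response carries no ``access_token``.
        """
        response = self.keycloak_openid.token(
            username="", password="", grant_type=["client_credentials"]
        )
        # The token is a bearer credential: never print or log it.
        return response["access_token"]

    def getJWTPublickey(self, kid=None):
        """Return the realm's JWT signing public key as a PEM string.

        Args:
            kid: Optional key id.  When given, only the JWKS entry with that
                exact ``kid`` is used.  Otherwise the first entry marked
                ``"use": "sig"`` is preferred, falling back to the first entry
                of the set (the historical behaviour).

        Returns:
            PEM-encoded public key, or ``""`` when the JWKS is empty, no entry
            matches, or the chosen entry carries no ``x5c`` certificate.
        """
        jwks = self.keycloak_openid.certs()
        if not jwks:
            return ""
        entry = self._select_jwk(jwks.get("keys") or [], kid)
        if entry is None:
            return ""
        chain = entry.get("x5c")
        if not chain:
            return ""
        # x5c[0] is the leaf certificate, base64 DER without PEM armour.
        pem_cert = (
            "-----BEGIN CERTIFICATE-----\n"
            + chain[0]
            + "\n-----END CERTIFICATE-----"
        )
        x509 = OpenSSL.crypto.load_certificate(FILETYPE_PEM, pem_cert)
        pubkey = OpenSSL.crypto.dump_publickey(FILETYPE_PEM, x509.get_pubkey())
        return pubkey.decode("utf-8")

    @staticmethod
    def _select_jwk(keys, kid):
        """Pick the JWKS entry to use, or ``None``.

        With ``kid`` set only an exact match is acceptable — never substitute a
        different key for a token that names a specific one.  Without ``kid``,
        prefer an entry marked ``"use": "sig"`` so that an encryption key listed
        first is not mistaken for the signing key; if nothing is marked, take
        the first entry as the original code did.
        """
        if kid is not None:
            return next((k for k in keys if k.get("kid") == kid), None)
        for k in keys:
            if k.get("use") == "sig":
                return k
        return keys[0] if keys else None

    def getClientRoles(self, clientid, daa_token):
        """Fetch a client's ``can_id_read`` / ``can_id_write`` roles via the admin REST API.

        Args:
            clientid: The client's ``clientId`` (human-readable id, not the
                internal UUID).  Caller supplied, so it is percent-encoded
                before being placed in the query string.
            daa_token: Bearer token authorised to read clients and roles of
                the realm.

        Returns:
            ``{"can_id_read": [...], "can_id_write": [...]}`` — each list is the
            comma-split ``description`` of the role with that *name* — or
            ``""`` when the lookup fails for any reason other than malformed
            JSON (the error is printed; callers must treat ``""`` as "no roles").

        Raises:
            SyntaxError: when a response body is not valid JSON (kept from the
                original contract).
        """
        from urllib.parse import quote

        api_call_headers = {
            "Authorization": "Bearer " + daa_token,
            "cache-control": "no-cache",
            "Content-Type": "application/json",
            "charset": "utf-8",
        }
        # The original concatenated without a separator, which silently broke
        # for a base URL lacking a trailing slash.
        base = self.serverurl if self.serverurl.endswith("/") else self.serverurl + "/"
        realm_path = base + "admin/realms/" + quote(self.realm, safe="")
        roles = ""
        try:
            # Client representation lookup: translates clientId -> internal id.
            client_url = realm_path + "/clients?clientId=" + quote(clientid, safe="")
            client_json = json.loads(get(client_url, headers=api_call_headers).text)
            id_of_client = client_json[0]["id"]

            roles_url = realm_path + "/clients/" + quote(id_of_client, safe="") + "/roles"
            keycloak_roles = json.loads(get(roles_url, headers=api_call_headers).text)
            roles = self._roles_by_name(keycloak_roles)
        except json.JSONDecodeError:
            print(
                "Json decoding error occurred. Input is not in json format or does not contain the required fields"
            )
            raise SyntaxError
        except Exception as exp:
            print("An exception occurred while retrieving client roles {}".format(exp))
        return roles

    @staticmethod
    def _roles_by_name(keycloak_roles):
        """Build the result dict by looking roles up by their ``name``.

        The original code tested ``"can_id_read" in keycloak_roles[0]``, which
        checks the *keys* of a role representation rather than its name, and
        then relied on list order; roles are matched by name here instead.  A
        missing role or description raises (KeyError/AttributeError), which the
        caller turns into the ``""`` failure result.
        """
        by_name = {role.get("name"): role for role in keycloak_roles}
        return {
            "can_id_read": by_name["can_id_read"]["description"].split(","),
            "can_id_write": by_name["can_id_write"]["description"].split(","),
        }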
self.message = {"message": message} self.status_code = status_code KEYCLOAK_HOST = getenv("KEYCLOAK_HOST", "http://localhost:8080/auth/") KEYCLOAK_REALM = getenv("KEYCLOAK_REALM", "master") print(f"Waiting for Keycloak {KEYCLOAK_HOST} using realm '{KEYCLOAK_REALM}'.", end='') wait_for_http_connection_to(KEYCLOAK_HOST) try: keycloak_openid = KeycloakOpenID(server_url=KEYCLOAK_HOST, realm_name=KEYCLOAK_REALM, client_id="admin") KEYCLOAK_WELL_KNOW = keycloak_openid.well_know() KEYCLOAK_CERTS = keycloak_openid.certs() oAuthBearer = OAuth2AuthorizationCodeBearer( authorizationUrl=KEYCLOAK_WELL_KNOW['authorization_endpoint'], tokenUrl=KEYCLOAK_WELL_KNOW['token_endpoint']) except Exception as e: print(f"...failed: {e}. Endpoints with Authorization will not work.") def oAuthBearer(): raise AuthError("Keycloak not set up correctly!", 500) async def parse_bearer_token(security_scopes: SecurityScopes, token: str = Depends(oAuthBearer)):
except pamh.exception, e: return e.pam_result if user is None: pamh.user = DEFAULT_USER try: # Configure client keycloak_openid = KeycloakOpenID( server_url=options['server_url'], realm_name=options['realm_name'], client_id=options['client_id'], client_secret_key=options['client_secret_key'], verify=True) # Get WellKnow config_well_know = keycloak_openid.well_know() except KeycloakError, e: pam_syslog( syslog.LOG_NOTICE, pamh, "auth", "unable to authenticate for %s: %d %s" % (user, e.response_code, e.error_message)) return pamh.PAM_AUTHINFO_UNAVAIL if pamh.authtok is None: passmsg = pamh.Message(pamh.PAM_PROMPT_ECHO_OFF, "Password: ") res = pamh.conversation(passmsg) pamh.authtok = res.resp try: token = keycloak_openid.token(user, pamh.authtok)